39 matches found
MiracleLinux 7 : freeradius-3.0.13-10.el7 (AXSA:2019-3883:01)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3883:01 advisory. Security Fix - FreeRADIUSCVE-2019-9497 Dragonblood CVE-2019-11234 - FreeRADIUSCVE-2019-9498CVE-2019-9499 Dragonblood CVE-2019-11235...
Mageia: Security Advisory (MGASA-2019-0176)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:1181-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:1039-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS 8 : freeradius:3.0 (CESA-2019:1142)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:1142 advisory. - freeradius: eap-pwd: fake authentication using reflection CVE-2019-11234 - freeradius: eap-pwd: authentication bypass via an invalid curve attack...
Virtuozzo 7 : freeradius / freeradius-devel / freeradius-doc / etc (VZLSA-2019-1131)
An update for freeradius is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
openSUSE: Security Advisory for freeradius-server (openSUSE-SU-2020:0542-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Huawei EulerOS: Security Advisory for freeradius (EulerOS-SA-2019-1572)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for freeradius (EulerOS-SA-2019-1573)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for freeradius (EulerOS-SA-2019-1574)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-11234
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497...
NewStart CGSL CORE 5.05 / MAIN 5.05 : freeradius Multiple Vulnerabilities (NS-SA-2019-0083)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has freeradius packages installed that are affected by multiple vulnerabilities: - FreeRADIUS before 3.0.19 mishandles the each participant verifies that the received scalar is within a range, and that the received group elemen...
NewStart CGSL CORE 5.04 / MAIN 5.04 : freeradius Multiple Vulnerabilities (NS-SA-2019-0079)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has freeradius packages installed that are affected by multiple vulnerabilities: - FreeRADIUS before 3.0.19 mishandles the each participant verifies that the received scalar is within a range, and that the received group elemen...
Oracle Linux 8 : freeradius:3.0 (ELSA-2019-1142)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-1142 advisory. 3.0.17-4 - Fixes two EAP-PWD security issues Resolves: bz1699416 authentication bypass with an invalid curve attack Tenable has extracted the preceding...
Important: freeradius
Issue Overview: FreeRADIUS mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and...
EulerOS 2.0 SP5 : freeradius (EulerOS-SA-2019-1574)
According to the version of the freeradius package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - freeradius: eap-pwd: fake authentication using reflection CVE-2019-11234 Note that Tenable Network Security has extracted the preceding...
Updated freeradius packages fix security vulnerability
An attacker can reflect the received scalar and element from the server in it's own commit message, and subsequently reflect the confirm value as well. This causes the adversary to successfully authenticate as the victim CVE-2019-11234. An invalid curve attack allows an attacker to authenticate a...
MGASA-2019-0176 Updated freeradius packages fix security vulnerability
An attacker can reflect the received scalar and element from the server in it's own commit message, and subsequently reflect the confirm value as well. This causes the adversary to successfully authenticate as the victim CVE-2019-11234. An invalid curve attack allows an attacker to authenticate a...
CentOS 7 : freeradius (CESA-2019:1131)
An update for freeradius is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
freeradius security update
CentOS Errata and Security Advisory CESA-2019:1131 An update for freeradius is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...